allexzander
commented
7 months ago @tobiasKaminsky @mgallien
As Matthieu mentioned during our call
Open allexzander opened 7 months ago
allexzander
commented
7 months ago @tobiasKaminsky @mgallien
As Matthieu mentioned during our call
roberix
commented
7 months ago Hi.
@allexzander
As much as I hate the current update process as enterprise customer (we do relulary have severe issues during updating) it gives me also the control I need. What we do is deploying the MSI (with autoupdate OFF) and we are fully in charge which version is installed.
Nextcloud is for our company a critial asset and judging the client versions which are sometimes released we do need to maintain full control. Giving away this control to the users (which will hump on every update button you will present to them) is a dangerous path.
Please whatever you implement - please consider to give the enterprise admins control over the client version management somehow.
On a securty side note - what you suggest makes a devastating supply chain attack more severe and more likely. If there will be a compromise then a self update can be a fatal event. We saw such events regulary in the recent past (Solarwinds..)
Best regards
rob
allexzander
commented
7 months ago @roberix Yes, this is something that I expected. So this needs to be designed thoroughly first.
PhilippSchlesinger
commented
4 weeks ago @allexzander It might be helpful to compare the requirements with the solution that Mozilla uses to update Firefox and Thunderbird, Mozilla Maintenance Service. (A more detailed description can be found here)
At least some of the features needed for Nextcloud Client like
are solved there already.
mgallien
commented
4 weeks ago there would still a requirements to kill all processes that have loaded our files explorer extension DLLs that is a significant difference with what firefox needs to do
PhilippSchlesinger
commented
4 weeks ago there would still a requirements to kill all processes that have loaded our files explorer extension DLLs that is a significant difference with what firefox needs to do
I just wanted to point to a solution that manages installation of updates without user intervention and independently from the running software.
There are so many comments (https://github.com/nextcloud/desktop/issues/5369#issuecomment-1930885425 being only one of them) that indicate that not restarting explorer and not restarting Windows after installation works just fine. Sure, that way running shell extensions will stay active and the updated shell extensions will get active only at the next start.
Here is a description of how exactly this workflow has been realised in an installer.
jimklimov
commented
1 week ago Can you make a shim DLL that Explorer et al can load, which is so little and stupid that it rarely if ever needs an update, and its job is to load/unload the actual DLL during update and proxy its resources?
Waaaay back in the day I remember the mail client TheBat! (IIRC) change its localization this way, by hot-reloading a different resource DLL...
I also remember trying to reproduce it in school (so very way back), and while there was Windows API for that since Win'95 or before, it was still not-implemented in Win'2000 and XP, I think. So there were some other tricks around it, but my memory is fuzzy on that.
The call was there, the code was not, Windows is like that.
We need to implement the updater similar to what is done in e.g. Chrome, or Sparkle on mac, such that we won't need to run the MSI but will just download what has changed (DLLs) and replace the old one with new ones during the restart. It is a big feature. The logic would also unload/kill the DLL extensions if needed (CF API shell extension and those for status overlays and a context menu). In most cases, we won't even need to kill them as they rarely change, but with the current approach - MSI - they are getting removed and re-installed on each update which is not ideal.
Even better would be to have a separate app that will get distributed and what it will do is download the binaries for the Nextcloud client and place them into the installation folder. This would be the second part of the feature and will make a big impact, so we will need to decide how to do it right and transition smoothly.
How to use GitHub
Feature description
Tell us how the feature should work